4.3
CVE-2025-22503 - WordPress Admin debug wordpress β enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress β enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress β enable debug: from n/a through <= 1.0.13.
7.6
CVE-2025-22507 - WordPress WPMU Prefill Post Plugin <= 1.02 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in iDo8p WPMU Prefill Post wpmu-prefill-post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through <= 1.02.
6.5
CVE-2025-22511 - WordPress Slides & Presentations Plugin <= 0.0.39 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella Van Durpe Slides & Presentations slide allows Stored XSS.This issue affects Slides & Presentations: from n/a through <= 0.0.39.
4.3
CVE-2025-22512 - WordPress Help Scout Plugin <= 6.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in BoldGrid Help Scout help-scout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Help Scout: from n/a through <= 6.5.6.
6.5
CVE-2025-22515 - WordPress Show Google Analytics widget plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simon Show Google Analytics widget show-google-analytics-widget allows Stored XSS.This issue affects Show Google Analytics widget: from n/a through <= 1.5.4.
6.5
CVE-2025-22516 - WordPress Metadata SEO plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hpinfosys Metadata SEO metadata-seo allows Stored XSS.This issue affects Metadata SEO: from n/a through <= 2.3.
6.5
CVE-2025-22517 - WordPress List Pages at Depth plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson List Pages at Depth list-pages-at-depth allows Stored XSS.This issue affects List Pages at Depth: from n/a through <= 1.5.
6.5
CVE-2025-22518 - WordPress Justified Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Justified Image Gallery justified-image-gallery allows Stored XSS.This issue affects Justified Image Gallery: from n/a through <= 1.0.
8.5
CVE-2025-22519 - WordPress eDoc Easy Tables Plugin <= 1.29 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jerodmoore eDoc Easy Tables edoc-easy-tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through <= 1.29.
7.1
CVE-2025-22520 - WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget tock-widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through <= 1.1.